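I need some help understanding the MySQL insert and update methods. I am running MAMP, and I know PHP and MySQL are running. The way my database is set up, there is a key in the info table. The data is encrypted going into the database and decrypted when it is displayed in passbook.html. Currently the data can be updated, but if the username or password is changed, a new entry is put into the database instead of updating the existing one. How can I fix this so the data is updated? If the password or username is changed, it should update. If the website is changed, it should create a new entry and delete the old one.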
passbook.html
<!DOCTYPE html>
<html>
<head>
  <title>Passbook</title>
</head>
<body>
<header>
  <h1>My Passbook</h1>
</header>
<?php
$count = 1;
?>
<style>
  #pass a {
    visibility: hidden;
  }
  #pass:hover a {
    visibility: visible;
  }
  td {
    text-align: center;
  }
</style>
<script type="text/javascript">
  function checkBox(checkbox){
    if(checkbox.checked)
      checkbox.value = 'Yes';
    else
      checkbox.value = 'No';
  }
  function addRow(){
    var table = document.getElementById('table');
    var row = table.insertRow(-1);
    var count = document.getElementById('table').rows.length - 1;
    row.innerHTML="<td name='row' value='"+count+"'>"+count+"</td>"
      + "<td><input name='" + count + "check' type='checkbox' value=''></input></td>"
      + "<td><input name='" + count + "web' type='text'></input></td>"
      + "<td><input name='" + count + "user' type='text'></input></td>"
      + "<td><input name='" + count + "pass' type='text'></input></td>";
    document.getElementById('custom').value = count;
  }
</script>
<form method="post" action="passbook.php">
<table id="table" border=5;>
  <th>Row #</th>
  <th>Selected</th>
  <th>Websites</th>
  <th>Usernames</th>
  <th>Passwords</th>
<?php
session_start();
$connection = mysql_connect('localhost', $_SESSION['username'], $_SESSION['password']) or die ("Could not connect");
$key = mysql_query('SELECT `key` FROM `'.$_SESSION['username'].'`.`info`');
$string = 'SELECT * FROM `'.$_SESSION['username'].'`.`passbook` WHERE 1';
$result = mysql_query($string);
while($row = mysql_fetch_assoc($result))
{
    $decUser = rtrim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, md5($key), base64_decode($row['username']), MCRYPT_MODE_CBC, md5(md5($key))), "\0");
    $decPass = rtrim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, md5($key), base64_decode($row['password']), MCRYPT_MODE_CBC, md5(md5($key))), "\0");
    if($row['selected'] == 1 )
        echo "<tr><td style='text-align:center;' value='".$count."'>".$count."</td>
            <td><input type='checkbox' name='".$count."check' value='1' checked></td>
            <td><input type='text' name='".$count."web' value='".$row['website']."'><br></td>
            <td id='user'><a><input type='text' name='".$count."user' value='".$decUser."'></a></td>
            <td id='pass'><a><input type='text' name='".$count."pass' value='".$decPass."'></a></td>
            </tr>";
    else if($row['selected'] == 0)
        echo "<tr><td style='text-align:center;' value='".$count."'>".$count."</td>
            <td><input type='checkbox' name='".$count."check' value='0'></td>
            <td><input type='text' name='".$count."web' value='".$row['website']."'><br></td>
            <td id='user'><a><input type='text' name='".$count."user' value='".$decUser."'></a></td>
            <td id='pass'><a><input type='text' name='".$count."pass' value='".$decPass."'></a></td>
            </tr>";
    $count++;
}
?>
</table>
<br/>
<input type="button" value="Add row" id="AddRow" onclick="addRow()"></input>
<input type="submit" value="Save Table"></input>
</form>
<br/><br/>
<label id="yes"></label>
<script type="text/javascript">
  function GotoPage()
  {
    var loc = document.getElementById('scroller').value;
    if(loc!="0")
      window.location = loc;
  }
</script>
<select id="scroller" style="height:42px; width:145px;" onchange="GotoPage()" >
  <optgroup label="Home">
    <option value="homepage.html">Home</option>
  </optgroup>
  <optgroup label="View Credentials" >
    <option value="passbook.html" selected>Passbook</option>
  </optgroup>
  <optgroup label="Other" >
    <option value="settings.html" >Settings</option>
  </optgroup>
</select>
</body>
</html>
passbook.php
session_start();
$connection = mysql_connect('localhost', $_SESSION['username'], $_SESSION['password']) or die ("Could not connect");
$db = mysql_select_db($_SESSION['username'],$connection);
$num = 0;
foreach ($_POST as $data => $value){
    $num = substr($data, 0 , 1);
}
$string = "SELECT `key` FROM `info`";
$key = mysql_query($string) or die("failureeee");
for($i = 1; $i <= $num; $i++){
    $username = $_POST[$i.'user'];
    $password = $_POST[$i.'pass'];
    $encUser = base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, md5($key), substr($username,strlen($i)-1), MCRYPT_MODE_CBC, md5(md5($key))));
    $encPass = base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, md5($key), substr($password,strlen($i)-1), MCRYPT_MODE_CBC, md5(md5($key))));
    $website = $_POST[$i.'web'];
    echo "Encrypt" . "<br>" . $_POST[$i.'check'] . " " . $website . " " . $encUser. " " . $encPass . "<br>";
    if(isset($_POST[$i.'check'])){
        $q = "SELECT * FROM `passbook` WHERE `website`='".$website."'";
        $select = mysql_query($q);
        while($info = mysql_fetch_assoc($select)){
            if($info == $website){
                $query = "UPDATE `passbook` SET `selected` = '1',`username` = '".$encUser."',`password`='".$encPass."' WHERE `website`='".$website."'";
                $run = mysql_query($query);
            }
        }
        if(!isset($query)){
            $query = "INSERT INTO `passbook` (`selected`,`website`,`username`,`password`) VALUES ('1','".$website."','".$encUser."','".$encPass."')";
            $run = mysql_query($query);
            echo "<br>INSERT web=".$website."<br>";
        }
    }
    else{
        $q = "SELECT `website` FROM `".$_SESSION['username']."`.`passbook`";
        $select = mysql_query($q);
        while($info = mysql_fetch_assoc($select)){
            if($info == $website){
                $q2 = "UPDATE `passbook` SET `selected` = '0',`username` = '".$encUser."',`password`='".$encPass."' WHERE `website`='".$website."'";
            }
        }
        if(!isset($q2)){
            $run = mysql_query($q2);
        }
        else{
            $q2 = "INSERT INTO `passbook` (`selected`,`website`,`username`,`password`) VALUES ('0','".$website."','".$encUser."','".$encPass."')";
            $run = mysql_query($q2);
        }
    }
}
Answer 0: (score: 0)
Your PHP has major errors.
In the code below, you are trying to compare an array ($info) with a string ($website).
while($info = mysql_fetch_assoc($select)){
    if($info == $website){
        $query = "UPDATE `passbook` SET `selected` = '1',`username` = '".$encUser."',`password`='".$encPass."' WHERE `website`='".$website."'";
        $run = mysql_query($query);
    }
}
I think you meant:
while($info = mysql_fetch_assoc($select)){
    // $info is an array that holds the row's data. You access an individual "cell" by referencing the column name as the key
    if($info['website'] == $website){
        $query = "UPDATE `passbook` SET `selected` = '1',`username` = '".$encUser."',`password`='".$encPass."' WHERE `website`='".$website."'";
        $run = mysql_query($query);
    }
}
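Then in this code you check whether $q2 is set, and if it is not, you... try to execute a query using it? That makes no sense.
if(!isset($q2)){
    $run = mysql_query($q2);
}
This is opinion, but... your "encryption" scheme is pointless. You store the key together with the encrypted data. If someone gains access to your database (and if you don't fix the SQL injection problems, they will gain access to it), they will have everything they need to decrypt the data.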
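
Added example (not part of the original answer or the asker's code): the select-then-update-or-insert logic from passbook.php written with PDO prepared statements, which addresses the SQL injection problem the answer mentions. It assumes PHP 7+ with the pdo_sqlite extension; `saveEntry` is a hypothetical helper name, and the in-memory SQLite database and sample values are constructed stand-ins so the script runs without a MySQL server.

```php
<?php
// Added example, not the asker's code. Table and column names follow the
// question; the in-memory SQLite database is a stand-in for MySQL.

// Update the row for $website if it exists, otherwise insert it.
// Every value travels as a bound parameter, never as part of the SQL text.
function saveEntry(PDO $pdo, string $website, int $selected,
                   string $encUser, string $encPass): string
{
    $pdo->beginTransaction();
    try {
        $find = $pdo->prepare('SELECT COUNT(*) FROM passbook WHERE website = ?');
        $find->execute([$website]);
        $exists = (int) $find->fetchColumn() > 0;

        // Both statements take their parameters in the same order.
        $sql = $exists
            ? 'UPDATE passbook SET selected = ?, username = ?, password = ? WHERE website = ?'
            : 'INSERT INTO passbook (selected, username, password, website) VALUES (?, ?, ?, ?)';
        $pdo->prepare($sql)->execute([$selected, $encUser, $encPass, $website]);

        $pdo->commit();
        return $exists ? 'update' : 'insert';
    } catch (Throwable $e) {
        $pdo->rollBack();
        throw $e;
    }
}

// Constructed demo data; the "ciphertexts" are placeholder strings.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE passbook (selected INTEGER, website TEXT, username TEXT, password TEXT)');

// A website value containing a quote would break the concatenated queries
// in the question; as a bound parameter it is stored as plain data.
echo saveEntry($pdo, "o'brien.example", 1, 'ct-user-1', 'ct-pass-1'), "\n";
echo saveEntry($pdo, "o'brien.example", 0, 'ct-user-2', 'ct-pass-2'), "\n";
echo saveEntry($pdo, 'other.example', 1, 'ct-user-3', 'ct-pass-3'), "\n";

// Count the rows to confirm the second call changed the existing entry.
echo $pdo->query('SELECT COUNT(*) FROM passbook')->fetchColumn(), "\n";
```

The `mysql_*` functions used in the question were removed in PHP 7 and mcrypt was removed from core in PHP 7.2, so a move to PDO or mysqli is required on current PHP versions in any case.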